Posted: Sat Oct 26, 2013 8:26 pm Post subject: [ GLSA 201310-16 ] TPTEST: Arbitrary code execution
Gentoo Linux Security Advisory
Title: TPTEST: Arbitrary code execution (GLSA 201310-16)
Date: October 26, 2013
Two buffer overflow vulnerabilities in TPTEST may allow remote
attackers to execute arbitrary code or cause Denial of Service.
TPTEST is a tool to measure the speed of a user’s Internet connection.
Vulnerable: < 3.1.7-r2
Unaffected: >= 3.1.7-r2
Architectures: All supported architectures
The GetStatsFromLine() function in TPTEST is vulnerable to buffer
overflows from STATS lines with long email and pwd fields.
A remote attacker could send a specially-crafted STATS line, possibly
resulting in arbitrary code execution or a Denial of Service condition.
There is no known workaround at this time.
All TPTEST users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/tptest-3.1.7-r2"
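
The bug class described above for GetStatsFromLine(), long email and pwd values copied into fixed-size buffers, is avoided by measuring each value before copying it and rejecting the line when it does not fit. The following is an added example, not TPTEST's code or the Gentoo patch; the `STATS key=value;...` layout, the buffer sizes and the names `stats_fields`, `copy_field` and `parse_stats_line` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed for illustration: these sizes and the "STATS key=value;..." layout
 * are not given in the advisory. */
#define EMAIL_MAX 64
#define PWD_MAX   32

struct stats_fields {
    char email[EMAIL_MAX];
    char pwd[PWD_MAX];
};

/* Copy the value of "key=" from a ';'-separated line into out.
 * Returns 0 on success, -1 if the key is missing, -2 if the value
 * does not fit in out (nothing is written in that case). */
static int copy_field(const char *line, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    const char *p = line;

    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *val = p + klen + 1;
            size_t vlen = strcspn(val, ";\r\n");   /* length up to the delimiter */
            if (vlen >= outsz)
                return -2;        /* reject instead of truncating or overflowing */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = strchr(p, ';');       /* advance to the next key=value pair */
        if (p)
            p++;
    }
    return -1;
}

/* Parse only the two fields the advisory names; 0 on success, negative on reject. */
int parse_stats_line(const char *line, struct stats_fields *s)
{
    int rc;
    memset(s, 0, sizeof(*s));
    if (strncmp(line, "STATS ", 6) != 0)
        return -1;
    line += 6;
    if ((rc = copy_field(line, "email", s->email, sizeof(s->email))) != 0)
        return rc;
    return copy_field(line, "pwd", s->pwd, sizeof(s->pwd));
}
```

A caller should treat any non-zero return as a malformed line and drop it rather than continue with partially filled fields.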